Router using wrong Certificate after update to 3004.388.6

[TheAccountOfTeo997]

Hello, I just updated my RT-AX88U to 3004.388.6.
All went smooth except for one thing, the browser started throwing a certificate warning after the update. Basically now, even though I supplied my own certificate (as it was working before), the router always uses the RT-AX88U-E5E8 Server Certificate from RT-AX88U-E5E8_CA, which is not what i want. Is this the supposed behaviour or can I still keep using my certificate?
(I've also tried reuploading it but no luck)

 

[bennor]

Hello, I just updated my RT-AX88U to 3004.388.6.

Maybe it's an issue related to this from the Change Log notes for 3005.388.6:

- NOTE: Asus reworked the way SSL certificates are handled in
24353. The automatic conversion code does not always
work properly, you might need to force your router
to re-generate its SSL certificates by toggling the
SSL mode on the DDNS page.

 

[John Fitzgerald]

Hello, I just updated my RT-AX88U to 3004.388.6.
All went smooth except for one thing, the browser started throwing a certificate warning after the update. Basically now, even though I supplied my own certificate (as it was working before), the router always uses the RT-AX88U-E5E8 Server Certificate from RT-AX88U-E5E8_CA, which is not what i want. Is this the supposed behaviour or can I still keep using my certificate?
(I've also tried reuploading it but no luck)

See here post #189

Release - Asuswrt-Merlin 3004.388.6 is now available

wow good wifi app that wifimann

www.snbforums.com

Then look at post #198 and #199

 

[wumbly]

See here post #189

Release - Asuswrt-Merlin 3004.388.6 is now available

wow good wifi app that wifimann

www.snbforums.com

Then look at post #198 and #199

There are some of us (me) having this issue where I do not utilize in any way shape or form, nor do I need to use, the DDNS feature. Regardless, turning it on does not resolve the issue. I am using a public certificate from GlobalSign which previously worked before this firmware upgrade. Let's Encrypt is an option but 1) this was already working and 2) there isn't really a need to jump through getting essentially certbot (in some form or capacity) working when I have a valid, working certificate already.

 

[John Fitzgerald]

There are some of us (me) having this issue where I do not utilize in any way shape or form, nor do I need to use, the DDNS feature. Regardless, turning it on does not resolve the issue. I am using a public certificate from GlobalSign which previously worked before this firmware upgrade. Let's Encrypt is an option but 1) this was already working and 2) there isn't really a need to jump through getting essentially certbot (in some form or capacity) working when I have a valid, working certificate already.

So where's the problem then?

 

[wumbly]

So where's the problem then?

Firmware 3004.388.5 on RT-AX88U:

1. Log in to admin portal.
2. Go to Advanced Settings > Administration > System tab.
3. Scroll to Local Access Config section.
   • Can't remember if DDNS option is shown here, but this is turned off in this scenario regardless.
4. In "Provide your own certificate" section, upload unencrypted PKCS8 private key file and full chain PEM certificate file. Details populate on Installed Server Certificate section. Confirm details are of public certificate authority. No need to turn on DDNS.
5. Click Apply.
6. Certificate is then used correctly going forward (admin portal has certificate bound to HTTPS port, in this case 8443), may need to clear cache or double check with incognito mode.

Firmware 3004.388.6 on RT-AX88U:

1. Log in to admin portal.
2. Go to Advanced Settings > Administration > System tab.
3. Scroll to Local Access Config > Installed Server Certificate > Click here to manage.
4. Upload unencrypted PKCS8 private key file and full chain PEM certificate file. Details populate on Server Certificate section. Confirm details are of public certificate authority. DDNS is turned off.
5. Click Apply.
6. Uploaded certificate is not bound to HTTPS port.
7. Check in browser, confirm certificate is still ASUS self signed cert.
8. Confirm again that yes, Server Certificate data is correct.
9. Reboot device. No effect. Even checking in incognito window of given browser, certificate is self signed.
10. Turn on DDNS. No change.
11. Reboot. No change.
12. In Server Certificate field, click Export. Self signed certificate is exported even though Server Certificate field is displaying public certificate details. Also now noting the Root Certificate/Intermediate Certificate field is blank.

Is there a new way to accomplish this? Or is this broken?

 

[wumbly]

I am going to revamp my previous post a bit soon as I've gone back to 3004.388.5 ...
Done, certificate working as expected back on 3004.388.5.

 

[Jeffrey Young]

Following... In case there is a break. I too do not use DDNS, but I use ZeroSSL certificate on the router for webgui access. I upload manually via SSH and NVRAM commands.

I have seen a couple of people have this issue now. I was hoping that 388.6 was the version to finally prompt me to upgrade from 386.7, but think I will stay put for now. Engineers! They love to change what was working just fine.